I've found this article to be quite interesting. I feel comfortable providing this link since Mr. Templeton specifically wrote "Certainly you can feel free to link to these pages!".
Since we're on the topic of "the right to link", I'd like to go off on a slight tangent that has nothing to do with MP3Board. What are the opinions here on framing another site's content without permission? When does framing (or any sort of hyperlinking) represent a derivative work? To clarify, let me pose three different purposes:
Framing for content - One site frames the content of another, essentially co-opting the work, whether its attibutable or not. (i.e. Washington Post v. TotalNews...a case which settled without a court decision)
Framing for persistence - One site or service frames links to external content, but the frame retains the brand and any advertising within shared space in the browser window. Does providing a drop-frame function mitigate the practice (see Hotmail, AskJeeves, and About.Com for examples.)
Framing for functionality - A less common rationale, but consider a tool like a Web-based proxy service. Some fetch pages, at the behest of the user, and render them within a frameset that includes a navigation function and, perhaps, advertising. What now?
Opinions? Would prefer to stay away from the stylistic issues. (Still would like to see this question posted to AskSlashdot, but it's been pending for two weeks now and have no idea when the dreaded "rejected" notice will appear.)
I've long resisted turning to legislation as the answer to the consumer's privacy concerns. This is normally viewed as the hallmark of industry-supported lobbying, attempting to maintain the abusive status quo. I realize that regulation and oversight is intended to protect the consumer from privacy intrusion however I mistrust the government's (US anyway) ability to address the situation more efficiently than the marketplace.
The paradox I see is that while something like 90% of people online list privacy as their primary concern, general behavioral practices don't support that. People dole out personal information for online lotteries, to get free Web space, to get "paid to surf", to get free PCs -- as if there were no value to the data at all. Either that or their valuation is much lower than mine. Generally, (and this certainly doesn't apply to Slashdotters, eh?), people don't know to insulate their primary email address or to be judicious in filling out forms, particularly when the data isn't required, or how to take protective measures when surfing "promiscuously". Though it's been a hot button issue, most people don't get what HTTP cookies are, assuming they've even heard of them. I asked my young nephew who spends an inordinate amount of time online if he ever surfs anonymously. "Oh, all the time" he said. I asked him what he did to stay anonymous and he gives me a quizzical stare and says "I just don't tell anyone who I am". I'm sorry, but this may seem profoundly naive to this crowd but the truth is that the vast majority have no clue and probably don't want to have to deal with the details. They just want to know that what they perceive is true...that electronic communications are somehow inherently private.
I've been a believer that educating the user/consumer to take more command of his or her personal information was much more empowering than having "big daddy" government do it for us, especially if the masses out there don't seem to care as strongly as the advocates. Is that ignorance? I certainly don't think anyone is justified in saying the person who makes the educated decision to expose his personal details in return for something (whether it be a free giveaway, opt-in targeted advertising, or just a customized homepage at Yahoo) is a fool who doesn't appreciate the degree of intrusion. The key is that it must be an EDUCATED choice...not one clouded by ignorance. I do think what we need is for the marketplace to react by penalizing companies or entities that abuse the trusted consumer/provider relationship. It's our obligation to demand and examine the privacy statement and not just see that one exists or that there's some toothless seal attached to it. We must be judicious in limiting data in registration forms to only what the requester has a need to know and with what matches our comfort level with regard to personally identifiable information. We don't have to be evangelical paranoids, worried about "cookies filling up our harddrives" or charging that Anonymizer.Com is a front for the FBI. We simply need to help the common Internet user know that choice is already in his hands (assuming the cat's not already out of the bag).
I'm not suggesting that there isn't a role for legislation or regulation. I certainly would like to see some standardized method to let consumers rely on a spoon-fed assurance of privacy and the means for remedy if the guarantee is violated. But what I think we'll end up getting are "Surgeon General" style warnings about how your personal data is going to be exploited before the registration process, and we'll become dulled to it just as I bet 99% of you breeze on past the Terms of Service or Acceptable Use Policy statements (you've seen one, you've seen them all, right?).
Now that my long-winded position has been poorly articulated, I end by saying that mine may be a Utopian goal. We'll never be able to rely on education and experience as a protective umbrella for all users. And while I'd like to see consumer privacy demands influence the marketplace, <sigh>I'm beginning to acquiesce and see the necessity for oversight. </sigh>
"Posted, wondering if there's life in these old threads once they drop off the main page." I guess not. But, in case anyone's still reading, here's Wired's article
People love panaceas. We want "set and forget" protection. But firewalls alone aren't the solution to intrusion threats. Complacent reliance on anti-virus software, no matter how often it's updated, isn't the answer to the perniciousness of virii, worms and trojans. Likewise, demanding technical or legislative placebos for our privacy concerns is misguided when the primary threat to privacy is behavioral. Rather than gripe about the insidiousness of cookies, we need to hold ourselves accountable for the amount of information we willingly fork over and learn to treat our information with at least the same sense of value that the Doubleclick's of the world place on it.
Michael. I appreciate your cynicism. Industry has done little to gain the public trust as a caretaker of personal information or defender of privacy. Without critical perspectives, you are liable to wind up with self-serving, public relations-oriented efforts like the Personalization Consortium. However, I do not believe that the evolution of privacy protection in the digital age is served by perpetuating fear. Doubleclick is responding to market pressure. While I like knowing the composition of the council, I'm not apt to immediately consider the effort suspect. Doubleclick has a business goal. I don't begrudge them that. But I also think the first line of defense is the responsibility of the individual.
Cookies? I want 'em. The Web works a lot better with them. Your opinion may vary, but we all would probably like more control and visibility over them. For the Slashdot audience, setting cookie defenses is a trivial exercise. But for the "unclean masses", cookies are a mystery. If all they hear are the dangers to privacy that cookies represent, then they will base their opinions on FUD.
I support the advocacy efforts of the CDT, EPIC, and EFF. But I also fear the clumsy hammer of regulation. The pressure (driven by public relations, market demand and the fear of government regulation) on Doubleclick is a good thing, but let's educate and not spread hysteria.
Posted, wondering if there's life in these old threads once they drop off the main page.
Well...maybe the "dammit" was a little much, but it was more of a "dammit" along the lines of "I'm Gumby, dammit!"
I was unable to convince a lawyer friend of the destinction between a "Web site" and a "Web program" so either he doesn't understand the technology or I don't understand copyright (or maybe I don't understand the technology). The next few years are going to be very interesting.
It makes sense to have a distinction between what you can do as a local user, and what you can do in a server and then retransmit to random people
No...it doesn't make sense at all. One of the advantages of a client-server architecture is distribution of the application. The Dialectizer is an application embodied in a Web site. The server isn't serving pre-crafted content that some author composed to parody another site. The user invokes the application and so creates the parody using the application. It shouldn't matter whether or not this runs on the server or the client. Equating the protection of the Dialectizer to filters or browser settings on the client end is appropriate.
On another note, I wonder when About.Com will come under fire for framing (with advertising) links to external references or Anonymizer.Com for altering proxied pages with its own brand.
Use a "cookie managing" anonymizer like PrivadaProxy or Freedom. They aren't free...I prefer Freedom...and not just because the link includes my affiliate ID:-)
Use a "cookie managing" Web-based proxy. If you are going to surf promiscuously (whatever that means) where this exploit might rear its head, you can use The Cloak which is distinguished from Anonymizer et. al. in that it caches cookies remotely. Bandwidth limiting and you have to remember to use it, but it's free of charge.
And here I am trying to dampen paranoia about cookies. (I love the Slashdot FAQ on cookies.)
But this bothers me and sounds similar to the bug reported at CookieCentral a long time ago. I'm trying to digest how this is different and what danger (and likelihood of appearance) this represents "in the wild".
Answers here or to me by email would be appreciated.
Slashdot Mirror
I've found this article to be quite interesting. I feel comfortable providing this link since Mr. Templeton specifically wrote "Certainly you can feel free to link to these pages!".
Since we're on the topic of "the right to link", I'd like to go off on a slight tangent that has nothing to do with MP3Board. What are the opinions here on framing another site's content without permission? When does framing (or any sort of hyperlinking) represent a derivative work? To clarify, let me pose three different purposes:
- Framing for content - One site frames the content of another, essentially co-opting the work, whether its attibutable or not. (i.e. Washington Post v. TotalNews...a case which settled without a court decision)
- Framing for persistence - One site or service frames links to external content, but the frame retains the brand and any advertising within shared space in the browser window. Does providing a drop-frame function mitigate the practice (see Hotmail, AskJeeves, and About.Com for examples.)
- Framing for functionality - A less common rationale, but consider a tool like a Web-based proxy service. Some fetch pages, at the behest of the user, and render them within a frameset that includes a navigation function and, perhaps, advertising. What now?
Opinions? Would prefer to stay away from the stylistic issues. (Still would like to see this question posted to AskSlashdot, but it's been pending for two weeks now and have no idea when the dreaded "rejected" notice will appear.)The paradox I see is that while something like 90% of people online list privacy as their primary concern, general behavioral practices don't support that. People dole out personal information for online lotteries, to get free Web space, to get "paid to surf", to get free PCs -- as if there were no value to the data at all. Either that or their valuation is much lower than mine. Generally, (and this certainly doesn't apply to Slashdotters, eh?), people don't know to insulate their primary email address or to be judicious in filling out forms, particularly when the data isn't required, or how to take protective measures when surfing "promiscuously". Though it's been a hot button issue, most people don't get what HTTP cookies are, assuming they've even heard of them. I asked my young nephew who spends an inordinate amount of time online if he ever surfs anonymously. "Oh, all the time" he said. I asked him what he did to stay anonymous and he gives me a quizzical stare and says "I just don't tell anyone who I am". I'm sorry, but this may seem profoundly naive to this crowd but the truth is that the vast majority have no clue and probably don't want to have to deal with the details. They just want to know that what they perceive is true...that electronic communications are somehow inherently private.
I've been a believer that educating the user/consumer to take more command of his or her personal information was much more empowering than having "big daddy" government do it for us, especially if the masses out there don't seem to care as strongly as the advocates. Is that ignorance? I certainly don't think anyone is justified in saying the person who makes the educated decision to expose his personal details in return for something (whether it be a free giveaway, opt-in targeted advertising, or just a customized homepage at Yahoo) is a fool who doesn't appreciate the degree of intrusion. The key is that it must be an EDUCATED choice...not one clouded by ignorance. I do think what we need is for the marketplace to react by penalizing companies or entities that abuse the trusted consumer/provider relationship. It's our obligation to demand and examine the privacy statement and not just see that one exists or that there's some toothless seal attached to it. We must be judicious in limiting data in registration forms to only what the requester has a need to know and with what matches our comfort level with regard to personally identifiable information. We don't have to be evangelical paranoids, worried about "cookies filling up our harddrives" or charging that Anonymizer.Com is a front for the FBI. We simply need to help the common Internet user know that choice is already in his hands (assuming the cat's not already out of the bag).
I'm not suggesting that there isn't a role for legislation or regulation. I certainly would like to see some standardized method to let consumers rely on a spoon-fed assurance of privacy and the means for remedy if the guarantee is violated. But what I think we'll end up getting are "Surgeon General" style warnings about how your personal data is going to be exploited before the registration process, and we'll become dulled to it just as I bet 99% of you breeze on past the Terms of Service or Acceptable Use Policy statements (you've seen one, you've seen them all, right?).
Now that my long-winded position has been poorly articulated, I end by saying that mine may be a Utopian goal. We'll never be able to rely on education and experience as a protective umbrella for all users. And while I'd like to see consumer privacy demands influence the marketplace, <sigh>I'm beginning to acquiesce and see the necessity for oversight. </sigh>
More here, with echoes of Slashdot's suspicions.
"Posted, wondering if there's life in these old threads once they drop off the main page."
I guess not. But, in case anyone's still reading, here's Wired's article
Michael. I appreciate your cynicism. Industry has done little to gain the public trust as a caretaker of personal information or defender of privacy. Without critical perspectives, you are liable to wind up with self-serving, public relations-oriented efforts like the Personalization Consortium. However, I do not believe that the evolution of privacy protection in the digital age is served by perpetuating fear. Doubleclick is responding to market pressure. While I like knowing the composition of the council, I'm not apt to immediately consider the effort suspect. Doubleclick has a business goal. I don't begrudge them that. But I also think the first line of defense is the responsibility of the individual.
Cookies? I want 'em. The Web works a lot better with them. Your opinion may vary, but we all would probably like more control and visibility over them. For the Slashdot audience, setting cookie defenses is a trivial exercise. But for the "unclean masses", cookies are a mystery. If all they hear are the dangers to privacy that cookies represent, then they will base their opinions on FUD.
I support the advocacy efforts of the CDT, EPIC, and EFF. But I also fear the clumsy hammer of regulation. The pressure (driven by public relations, market demand and the fear of government regulation) on Doubleclick is a good thing, but let's educate and not spread hysteria.
Posted, wondering if there's life in these old threads once they drop off the main page.
I was unable to convince a lawyer friend of the destinction between a "Web site" and a "Web program" so either he doesn't understand the technology or I don't understand copyright (or maybe I don't understand the technology). The next few years are going to be very interesting.
No...it doesn't make sense at all. One of the advantages of a client-server architecture is distribution of the application. The Dialectizer is an application embodied in a Web site. The server isn't serving pre-crafted content that some author composed to parody another site. The user invokes the application and so creates the parody using the application. It shouldn't matter whether or not this runs on the server or the client. Equating the protection of the Dialectizer to filters or browser settings on the client end is appropriate.
On another note, I wonder when About.Com will come under fire for framing (with advertising) links to external references or Anonymizer.Com for altering proxied pages with its own brand.
Other options:
A proxy comparison chart
But this bothers me and sounds similar to the bug reported at CookieCentral a long time ago. I'm trying to digest how this is different and what danger (and likelihood of appearance) this represents "in the wild".
Answers here or to me by email would be appreciated.